[comp.protocols.kerberos] Network-wide accounting.

Denis.Russell@newcastle.ac.uk (05/29/90)

I don't know whether this is the right mailing list for this
query. If not, then apologies, and please direct me to a more
suitable list.
 
The Kerberos system supplies one of the necessities for seamless
distributed processing - authentication, and the concept of a
single distributed-system-wide identity. One of the other
concepts that I've always thought of as a natural extension of
this is that of network accounting. That is, the allocation of
resources to individuals or "accounts" and the proper accounting
for the "spending" or possible transfer of these resources.
Some might even correspond to real money, while others might be
line-printer pages, say, or even entities or tokens generated by
value-added services. All this needs to be done at the
institutional level, above the level of individual machines.
 
My understanding is that Project Athena does not have any such
accounting concept - though I'm open to immediate correction on
this. However, many Computing Centres are moving strongly
towards cost recovery in various forms, and I believe that
strong generalized network accounting services (quite
independent of individual "hosts" or "machines") are inevitable.
I'm just hoping that someone has devised such a creature so we
don't have to make one ourselves.
 
           Denis Russell
 
Denis Russell             JANET: Denis.Russell@uk.ac.newcastle
Computing Laboratory      ARPA:  Denis.Russell@newcastle.ac.uk
The University
Claremont Road            Tel:   (+44) 91 222 8243
Newcastle upon Tyne       Fax:   (+44) 91 222 8232
       NE1 7RU            Telex: 53 65 4  UNINEW G
ENGLAND

davecb@yunexus.UUCP (David Collier-Brown) (05/30/90)

Denis.Russell@newcastle.ac.uk writes:
>I don't know whether this is the right mailing list for this
>query. If not, then apologies, and please direct me to a more
>suitable list.

	I'm going to claim that comp.protocols.misc is a
	"right" place, and direct followups there...

| One of the other
| concepts that I've always thought of as a natural extension of
| this is that of network accounting. That is, the allocation of
| resources to individuals or "accounts" and the proper accounting
| for the "spending" or possible transfer of these resources.

    I see this as a protocol layered on Kerberos, such that an accounting
server gives out accounting tickets (:-)) which in turn contain/accompany
kerberos tickets.

    At the programmatic level, this can be quite easy: for services with a
fixed cost per use it only requires linking with a library which overloads
the kerberos authentication calls with calls to the accounting service,
which in turn depends on kerberos for authentication of the request/response.
    For services with a variable cost (i.e., printers), it requires explicit
attention, with calls to both accounting and authentication services.

    At the protocol level, it looks fairly hard!  It does require a
distributed database (unless accounting outages are to lock up all the
services!) and some careful study to get it right.

| I'm just hoping that someone has devised such a creature so we
| don't have to make one ourselves.

    Well, someone is sure to point out that Athena has been working on a
printing service with accounting (Palladium), but when I was there earlier
this year they had just put installing it off again until at least the 6.5
release.  I suspect (i.e., hope) we'll hear a bit about Palladium in this
discussion.

--dave
-- 
David Collier-Brown,  | davecb@Nexus.YorkU.CA, ...!yunexus!davecb or
72 Abitibi Ave.,      | {toronto area...}lethe!dave 
Willowdale, Ontario,  | "And the next 8 man-months came up like
CANADA. 416-223-8968  |   thunder across the bay" --david kipling
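
An added illustration of the layering discussed in this thread (not code from either poster or from Project Athena): an accounting server issues tickets bound to a principal and service, a fixed-cost service charges inside its authentication wrapper, and a variable-cost printer charges explicitly afterwards. Assumptions: all names and the HMAC ticket format are hypothetical, and `krb_principal` stands for the identity the service's Kerberos library has already verified; no Kerberos exchange is performed here.

```python
import hashlib, hmac, json, time
# Hypothetical names and ticket format; krb_principal is assumed already verified by Kerberos.

class AccountingServer:
    """Holds balances, issues accounting tickets and redeems charges against them."""
    def __init__(self, key: bytes, balances: dict):
        self.key, self.balances, self.spent = key, dict(balances), {}

    def _mac(self, body: dict) -> str:
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue_ticket(self, principal, service, limit, now=None):
        """Authorise `principal` to spend up to `limit` units at `service` for 5 minutes."""
        now = time.time() if now is None else now
        if self.balances.get(principal, 0) < limit:
            raise PermissionError("insufficient balance")
        body = {"principal": principal, "service": service,
                "limit": limit, "expires": now + 300}
        return {"body": body, "mac": self._mac(body)}

    def charge(self, ticket, units, now=None):
        """Debit `units` against a ticket and return the remaining balance."""
        now = time.time() if now is None else now
        body, mac = ticket["body"], ticket["mac"]
        if not hmac.compare_digest(mac, self._mac(body)):
            raise PermissionError("forged or altered accounting ticket")
        used = self.spent.get(mac, 0) + units   # cumulative spend per ticket
        if (now > body["expires"] or units < 0 or used > body["limit"]
                or units > self.balances[body["principal"]]):
            raise PermissionError("ticket expired, over limit, or balance exhausted")
        self.spent[mac] = used
        self.balances[body["principal"]] -= units
        return self.balances[body["principal"]]

def check_binding(krb_principal, ticket, service):
    """The accounting ticket must name the authenticated principal and this service."""
    body = ticket["body"]
    if body["principal"] != krb_principal or body["service"] != service:
        raise PermissionError("accounting ticket not valid for this principal/service")

def fixed_cost_auth(acct, krb_principal, ticket, service, cost):
    """Fixed-cost service: the wrapped authentication call also charges the fee."""
    check_binding(krb_principal, ticket, service)
    return acct.charge(ticket, cost)

def print_job(acct, krb_principal, ticket, pages_printed):
    """Variable-cost service: authenticate first, then charge for the pages actually printed."""
    check_binding(krb_principal, ticket, "printer")
    return acct.charge(ticket, pages_printed)
```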